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Tuneprotectcom also affected by coinhive cryptocurrency mining breach 
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<S> 2.6K 
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It looks like Airasia’s Bigprepaid.com is not the only website affected by a hidden cryptocurrencv minin g (http:/ /lowy.at/VH34E ) breach today. 


Tuneprotect.com (htt p:/ /www.tuneprotect.com ). which is owned and operated under the Tune Group banner is also affected by a similar breach. 
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(2) Fewer details 




PA Easy 

Life is unpredictable - you’ll never know when 
an accident could happen. Protect yourself 
and your loved ones from financial strain if a 
calamity were to befall you. 


O 


Dental Easy 

Protect your pearly whites and save on 
expensive visits to the dentist. From only 
RM1* daily, our plans are guaranteed to 
put a smile on your face. 


(https:/ /www.lowyat.net /w p-content /u ploads/2017 /10 /Screenshot-2017-10-03-17.19. jpg) 

Digging through the source code of both sites, we have managed to locate some of the offending script embedded via an encrypted javascript call 
to https ://coin-hive. com/lib/coinhive.min.j s. 

Coinhive in itself offers a Javascript miner for the Monero Blockchain. They allow you to embed their code legally on your website so that visitors help 
you mine XMR (htt ps:/ /en.wikipedia.or g /wiki/Monero (cry ptocurrency )) as they browse your site. Its totally up to the website owner whether to 
inform the users that their CPU cycles are being used for mining or otherwise. 
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However in both the incidences of Bigprepaid and Tuneprotect, the code was encrypted and hidden so we are quite sure that this was done with some 
malicious intent to avoid the crypto currency miner being detected by users, or even the legitimate owners of the site. 
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href= ,r https: //www. tuneprotect. com/#">31</a></td><td class=" ui-datepicker-other-month ui-datepicker-unselectable ui- 
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<td class=" ui-datepicker-week-end ui-datepicker-other-month ui-datepicker-unselectable ui-state-disabled">&nbsp; 
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At time of writing, the site remains up and running. 


(UPDATE- 7PM). 

The offending code has been removed from the site. 


(UPDATE-824PM): 

Tune Protect has released a short statement regarding today’s incident, as shown in its fully below: 

QQTcd'fJJ. wr.re made aware of an unauthorised cryptocurrency mining Javascript on Tune Protects website. As an immedia4@.respc$ise, vyp havg 

removed the script from our websitdm^^^P9nrf^^f^Mg>t(99d^hMfy/the source of the script. 

(htt ps:/ /www.lowyat.net /) 
























































































We would like to assure our customers that we take their privacy seriously and have strong controls in place to protect their data. u T\ 
personal data nor information breaches from this issue. - Razman HaGdzAbu Zarim, Group CEO, Tune Protect Group Berhad. 


com- com- 


In general, the statement seems to be similar to the one released for AirAsia BIG Prepaid’s incident. Nevertheless, Tune Protect existing and potential 
customers should now be able to browse the website without worrying about unauthorized use by crypto currency script. 


I MORE: Russian En g ineers Arrested For Usin g Nuclear Weapons Supercomputer To Mine Bitcoin 
l(https://www.lowyat.net/2018/154663/russian-engineers-arrested-using-nuclear-weapons-supercomputer-mine-bitcoin/) 
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Add a comment... 
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Isfyandie Barji 

Now every pc can mine. 
Like ■ Reply ■ 5 ■ 22w 

Edmund Yung 


Wi 


Like ■ Reply ■ 22w 

Chai Chien Liang ■ Works at Self-Employed 


#MakeMiningGreatAgain 
Like ■ Reply ■ 22w 

Subramaniam Muniandy ■ Co-founder at Blazedistro 
unpatched websites, usually old version exploited 
Like ■ Reply ■ 1 ■ 22w 

Shukri Zahari 

Someone, somewhere probably enjoying free flight and shopping spree before putting up the mining codes up there. 
Like ■ Reply ■ 1 ■ 22w 

Edmund Yung 

Need to find out what company is doing those websites, and what other websites is under that company. 

Like ■ Reply ■ 1 ■ 22w 


Facebook Comments Plugin 
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market-may-focus-amd- gpus/) 

NEWS (https: / /WWW.LOWYAT.NET/NEWS /) 

Rumour: ASRock To Enter Graphics Card Market : May Focus On AMD GPUs 

rhttps:/ /www.lowyat.net/2018/l57015/rumour-asrock-enter- gra phics-card-market- 

may-focus-amd- qpus/) 


(https:/ /www.lowyat.net/2018/156759/40-bud g et-android-devices-found- 

ship-malware-pre-installed /) 

NEWS (HTTPSV/WWW.LOWYAT.NET/NEWS/l 

Over 40 Bud g et Android Devices Found To Ship With Malware Pre-Installed 

(https:/ /www.lowyat.net/2018/l56759/40-bud g et-android-devices-found-shi p- 

malware-pre-installed /) 
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(https:/ /www.lowyat.net/2018/lS5341/hackers-hi j acked-teslas-amazon-s3- 

cloud-system-mine-cryptocurrencv /) 

NEWS (hTTPSV/WWW.LOWYAT.NET/NEWS O 

Hackers Hi j acked Tesla’s Amazon S3 Cloud System To Mine Cryptocurrency 
(https:/ /www.lowyat.net/2018/l5534l/hackers-hi j acked-teslas-amazon-s3-cloud- 

s ystem- mine-cryptocurrency /) 


(https:/ /www.lowyat.net/2018/154900 /cry ptominin g -browser-hi j ack-seen- 
targ etin g -android-devices /) 

CRYPTOCURRENCY 0hTTPS: / /WWW.LOWYAT.NET/CRYPTOCURRENCy A) 

Cry ptominin g Browser Hi j ack Seen Tar g etin g Android Devices 

(https:/ /www.lowyat.net/2018/l54900 /cry ptominin g -browser-hi j ack-seen-tar g etin g- 

android-devices /) 


(https:/ /www.lowyat.net/2018/154723/thousands-us-uk-sites-made-miners- 

hacked /) 

CRYPTOCURRENCY OhTTPSV/WWW.LOWYAT.NET/CRYPTOCURRENCy A) 

Thousands of US and UK Sites Were Made Into Miners After Bein g Hacked 
(https:/ /www.lowyat.net/2018/l54723/thousands-us-uk-sites-made-miners-hacked /) 


(https:/ /www.lowyat.net/2018/154663/russian-en g ineers-arrested-usin g- 

nuclear-weapons-supercomputer-mine-bitcoin /) 

CRYPTOCURRENCY OHTTPSV/WWW.LOWYAT.NET/CRYPTOCURRENCY A) 

Russian En g ineers Arrested For Usin g Nuclear Weapons Supercomputer To Mine 
Bitcoin ( https:/ /www.lowyat.net/2018/l54663/russian-en g ineers-arrested-usin g- 
nuclea^weapons-supercomputei^mine-bitcoin /) 
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(https:/ /www.lowyat.net/2018/154268/worst-time-buy -gra phics-card /) 

EDITORIAL (https: / /WWW.LOWYAT.NET/EDITORIAL 0 

This Is The Worst Time To Buy A Graphics Card 

(https:/ /www.lowyat.net/2018/l54268/worst-time-buy -gra phics-card /) 


(https:/ /www.lowyat.net/2018/154032/amds-threadri p per-cpu-can- pa y-18- 

months-minin g/) 

CRYPTOCURRENCY (HTTPSV/WWW.LOWYAT.NET/CRYPTOCURRENCY O 

AMDs Threadri p per CPU Can Pay For Itself In 18 Months With Minin g 

(https:/ /www.lowyat.net/2018/l54032/amds-threadri p per-cpu-can- pa y-18-months- 

minin g/) 




(https:/ /www.lowyat.net /) 


ABOUT ADVERTISE (https: / /WWW.LOWYAT.NET/ADVERTISE-WITH-US /) JOBS (https: / /JOBS.LOWYAT.NET/COMPANY /13 /LOWYAT-MSC-SDN-BHD /) TEAM (https: / /WWW.LOWYAT.NET/THE-TEAM /) 

CONTACT (https: / /WWW.LOWYAT.NET/CONTACT-US /) 
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